authorMartin Kosek <mkosek@redhat.com>2011-05-27 17:05:45 +0200
committerMartin Kosek <mkosek@redhat.com>2011-05-27 18:00:47 +0200
commit17c3f9e84efcbeb3b5ae1de83d799974de3bb078 (patch)
treec219902aa7d2a98c63ac7605e712c33f59166dc8
parent58c1950566f9fb03b61461f40074e47614113194 (diff)
Fix reverse zone creation in ipa-replica-prepare
When a new reverse zone was created in ipa-replica-prepare (this may happen when a new replica is from a different subnet), the master DNS address was corrupted by an invalid A/AAAA record. This caused problems, for example, when installing a replica. https://fedorahosted.org/freeipa/ticket/1223
-rwxr-xr-xinstall/tools/ipa-dns-install32
-rwxr-xr-xinstall/tools/ipa-replica-install17
-rwxr-xr-xinstall/tools/ipa-replica-prepare4
-rwxr-xr-xinstall/tools/ipa-server-install29
-rw-r--r--ipaserver/install/bindinstance.py7
-rw-r--r--ipaserver/install/installutils.py15
6 files changed, 37 insertions, 67 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index aac85bf23..a76329767 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -62,31 +62,6 @@ def parse_options():
return safe_options, options
-def resolve_host(host_name):
- ip = None
- try:
- addrinfos = socket.getaddrinfo(host_name, None,
- socket.AF_UNSPEC, socket.SOCK_DGRAM)
- except:
- print "Unable to lookup the IP address of the provided host"
- return None
-
- for ai in addrinfos:
- ip = ai[4][0]
- if ip == "127.0.0.1" or ip == "::1":
- print "The hostname resolves to the localhost address (127.0.0.1/::1)"
- print "Please change your /etc/hosts file so that the hostname."
- print "resolves to the ip address of your network interface."
- print ""
- print "Please fix your /etc/hosts file and restart the setup program."
- print ""
- sys.exit("Aborting installation.")
-
- if addrinfos:
- ip = addrinfos[0][4][0]
-
- return ip
-
def main():
safe_options, options = parse_options()
@@ -211,6 +186,13 @@ except KeyboardInterrupt:
print "Installation cancelled."
except RuntimeError, e:
print str(e)
+except HostnameLocalhost:
+ print "The hostname resolves to the localhost address (127.0.0.1/::1)"
+ print "Please change your /etc/hosts file so that the hostname"
+ print "resolves to the ip address of your network interface."
+ print "The KDC service does not listen on localhost"
+ print ""
+ print "Please fix your /etc/hosts file and restart the setup program"
except Exception, e:
message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
print message
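Review bot: `HostnameLocalhost` is caught in the new `except` clause, but this file's diff adds no import for it, whereas the ipa-replica-install diff adds one explicitly. Unless the script already gets the name through a wildcard import of installutils (not visible here), any exception that falls through to this clause raises NameError instead of printing the message. The same applies to the identical handler added to ipa-server-install. An explicit `from ipaserver.install.installutils import HostnameLocalhost, resolve_host` in both scripts would make the dependency visible. The enclosing try block starts outside the hunk.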
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 49df7fef9..293a0a06c 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -30,6 +30,7 @@ from ipapython import ipautil
from ipaserver.install import dsinstance, installutils, krbinstance, service
from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver.install.replication import check_replication_plugin
+from ipaserver.install.installutils import HostnameLocalhost, resolve_host
from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
from ipalib import api, errors, util
@@ -38,9 +39,6 @@ from ipapython import sysrestore
CACERT="/etc/ipa/ca.crt"
-class HostnameLocalhost(Exception):
- pass
-
class ReplicaConfig:
def __init__(self):
self.realm_name = ""
@@ -131,19 +129,6 @@ def get_host_name(no_host_dns):
return hostname
-def resolve_host(host_name):
- try:
- addrinfos = socket.getaddrinfo(host_name, None,
- socket.AF_UNSPEC, socket.SOCK_STREAM)
- for ai in addrinfos:
- ip = ai[4][0]
- if ip == "127.0.0.1" or ip == "::1":
- raise HostnameLocalhost
-
- return addrinfos[0][4][0]
- except:
- return None
-
def set_owner(config, dir):
pw = pwd.getpwnam(dsinstance.DS_USER)
os.chown(dir, pw.pw_uid, pw.pw_gid)
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index e9122351f..a41ca5121 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -30,6 +30,7 @@ from ipapython import ipautil
from ipaserver.install import bindinstance, dsinstance, installutils, certs
from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_rr, add_ptr_rr
from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking
+from ipaserver.install.installutils import resolve_host
from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
from ipalib import api, errors, util
@@ -427,7 +428,8 @@ def main():
zone = add_zone(domain, nsaddr=options.ip_address)
add_rr(zone, name, "A", options.ip_address)
- add_reverse_zone(options.ip_address)
+ ns_ip_address = resolve_host(api.env.host)
+ add_reverse_zone(options.ip_address, ns_ip_address)
add_ptr_rr(options.ip_address, replica_fqdn)
try:
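Review bot: The result of `resolve_host(api.env.host)` is passed to `add_reverse_zone` unchecked, although the helper returns None when the lookup fails (and, with its bare `except:`, also when the host resolves to a loopback address). `add_reverse_zone` then evaluates `unicode(ns_ip_address)`, which turns None into the literal string `None` and hands it to `dnszone_add` as the name server address; whether `dnszone_add` rejects that value is not visible here. Since this commit exists to stop an invalid address being written for the master, stop before the zone is created, e.g. `if ns_ip_address is None: sys.exit("Unable to resolve %s" % api.env.host)`. main() starts and ends outside the hunk.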
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 00b133464..3ad623e61 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -28,7 +28,6 @@
import sys
import os
-import socket
import errno
import logging
import grp
@@ -303,27 +302,6 @@ def read_host_name(host_default,no_host_dns=False):
break
return host_name
-def resolve_host(host_name):
- ip = None
- try:
- addrinfos = socket.getaddrinfo(host_name, None,
- socket.AF_UNSPEC, socket.SOCK_DGRAM)
- for ai in addrinfos:
- ip = ai[4][0]
- if ip == "127.0.0.1" or ip == "::1":
- print "The hostname resolves to the localhost address (127.0.0.1/::1)"
- print "Please change your /etc/hosts file so that the hostname"
- print "resolves to the ip address of your network interface."
- print "The KDC service does not listen on localhost"
- print ""
- print "Please fix your /etc/hosts file and restart the setup program"
- return None
-
- ip = addrinfos[0][4][0]
- except:
- print "Unable to lookup the IP address of the provided host"
- return ip
-
def read_domain_name(domain_name, unattended):
print "The domain name has been calculated based on the host name."
print ""
@@ -987,6 +965,13 @@ try:
sys.exit(main())
except SystemExit, e:
sys.exit(e)
+ except HostnameLocalhost:
+ print "The hostname resolves to the localhost address (127.0.0.1/::1)"
+ print "Please change your /etc/hosts file so that the hostname"
+ print "resolves to the ip address of your network interface."
+ print "The KDC service does not listen on localhost"
+ print ""
+ print "Please fix your /etc/hosts file and restart the setup program"
except Exception, e:
if uninstalling:
message = "Unexpected error - see ipaserver-uninstall.log for details:\n %s" % str(e)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 320868892..fa2745170 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -138,7 +138,7 @@ def add_zone(name, zonemgr=None, dns_backup=None, nsaddr=None, update_policy=Non
add_rr(name, "@", "NS", api.env.host+'.', dns_backup, force=True)
return name
-def add_reverse_zone(ip_address, update_policy=None, dns_backup=None):
+def add_reverse_zone(ip_address, ns_ip_address, update_policy=None, dns_backup=None):
zone, name = get_reverse_zone(ip_address)
if not update_policy:
update_policy = "grant %s krb5-subdomain %s. PTR;" % (api.env.realm, zone)
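Review bot: `add_reverse_zone` now takes two address arguments that are easy to swap, and it has no docstring saying which is which. From the visible lines, `ip_address` selects the reverse zone through `get_reverse_zone(ip_address)`, while `ns_ip_address` is what is passed to `dnszone_add` as `ip_address=`. A docstring such as `"""Create the reverse zone containing ip_address; ns_ip_address is the address of this server (api.env.host), used for the zone's name server record."""` would record that. Inserting the new parameter ahead of `update_policy` also shifts the meaning of positional arguments for any caller not updated in this commit; both callers in this diff are updated, others are not visible. The function body continues outside the hunk.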
@@ -146,7 +146,7 @@ def add_reverse_zone(ip_address, update_policy=None, dns_backup=None):
api.Command.dnszone_add(unicode(zone),
idnssoamname=unicode(api.env.host+"."),
idnsallowdynupdate=True,
- ip_address=unicode(ip_address),
+ ip_address=unicode(ns_ip_address),
idnsupdatepolicy=unicode(update_policy))
except (errors.DuplicateEntry, errors.EmptyModlist):
pass
@@ -394,7 +394,8 @@ class BindInstance(service.Service):
add_ptr_rr(self.ip_address, self.fqdn)
def __setup_reverse_zone(self):
- add_reverse_zone(self.ip_address, dns_backup=self.dns_backup)
+ add_reverse_zone(self.ip_address, self.ip_address,
+ dns_backup=self.dns_backup)
def __setup_principal(self):
dns_principal = "DNS/" + self.fqdn + "@" + self.realm
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 3868c4d04..554e9b1cb 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -33,6 +33,9 @@ import time
from ipapython import ipautil
from ipapython import dnsclient
+class HostnameLocalhost(Exception):
+ pass
+
def get_fqdn():
fqdn = ""
try:
@@ -421,3 +424,15 @@ def wait_for_open_ports(host, ports, timeout=0):
else:
raise e
+def resolve_host(host_name):
+ try:
+ addrinfos = socket.getaddrinfo(host_name, None,
+ socket.AF_UNSPEC, socket.SOCK_STREAM)
+ for ai in addrinfos:
+ ip = ai[4][0]
+ if ip == "127.0.0.1" or ip == "::1":
+ raise HostnameLocalhost("The hostname resolves to the localhost address")
+
+ return addrinfos[0][4][0]
+ except:
+ return None
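Review bot: The bare `except:` in `resolve_host` encloses the `raise HostnameLocalhost(...)`, so the exception is swallowed inside the function and the caller only ever sees None. The `except HostnameLocalhost` handlers added to ipa-dns-install and ipa-server-install therefore cannot fire, and the /etc/hosts guidance that the removed per-script copies printed inline is no longer shown. Narrowing the try to the `getaddrinfo` call and catching only `socket.error` lets the loopback case propagate. Callers that relied on None for that case (ipa-replica-prepare in this commit, possibly others not shown) would then need to handle the exception.

```python
def resolve_host(host_name):
    try:
        addrinfos = socket.getaddrinfo(host_name, None,
                                       socket.AF_UNSPEC, socket.SOCK_STREAM)
    except socket.error:
        # lookup failure only; HostnameLocalhost must reach the caller
        return None

    for ai in addrinfos:
        if ai[4][0] in ("127.0.0.1", "::1"):
            raise HostnameLocalhost("The hostname resolves to the localhost address")

    return addrinfos[0][4][0]
```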